id: access-log-file info: name: Publicly accessible access-log file author: sheikhrishad severity: low tags: logs,exposure metadata: max-request: 4 http: - method: GET path: - "{{BaseURL}}/access.log" - "{{BaseURL}}/log/access.log" - "{{BaseURL}}/logs/access.log" - "{{BaseURL}}/application/logs/access.log" matchers-condition: and matchers: - type: word words: - '"GET /' - type: word words: - "text/plain" part: header - type: status status: - 200